← Back to PitchPilot

Privacy Policy

Last updated: 25 February 2026

PitchPilot is a Chrome extension built and operated by Machine Dogma LLC, based in Eugene, Oregon, United States. We take your privacy seriously. This policy explains what data we collect, what we do not collect, and how your information is handled.

1. What PitchPilot Does

PitchPilot reads publicly visible data from LinkedIn profile pages you visit and uses your own AI API key (OpenAI or Anthropic) to generate personalised outreach messages. The extension operates primarily within your browser.

2. Data We Do NOT Collect

• API keys: Your OpenAI and Anthropic API keys are stored locally in your browser using chrome.storage.local. They are never transmitted to our servers.
• LinkedIn profile data: Scraped profile data is processed entirely within your browser and sent directly from your browser to the AI provider you selected. We never see, store, or have access to any LinkedIn data.
• Generated messages: Message history is stored locally in your browser. We do not collect, read, or store any messages generated by the extension.
• Browsing history: We do not track which pages you visit. The extension only activates on LinkedIn profile pages matching linkedin.com/in/*.
• Analytics or tracking: We do not use any analytics services, tracking pixels, or cookies within the extension.

3. Data We DO Collect

We collect only the minimum data required to manage your account and subscription:

• Account information: When you sign up via Google OAuth, we receive your name and email address. This is stored in our authentication provider (Supabase) solely for account management.
• Subscription status: We store whether your account is on a free trial, has an active subscription, or has expired. This is used to determine your access level.
• Payment information: Payments are processed entirely by Stripe. We do not store credit card numbers, bank details, or any financial information on our servers. We receive only a confirmation that payment was successful.

4. How AI API Calls Work

When you generate a message, the extension sends the scraped LinkedIn data and your prompt directly from your browser to the AI provider (OpenAI or Anthropic) using your own API key. This data does not pass through our servers at any point. Your relationship with the AI provider is governed by their own privacy policies and terms of service.

5. Data Storage and Security

• Local data (API keys, preferences, message history) is stored in chrome.storage.local within your browser. It persists until you uninstall the extension or clear it manually.
• Account data (email, subscription status) is stored securely in Supabase with row-level security policies ensuring users can only access their own data.
• Payment data is handled entirely by Stripe and subject to their PCI-compliant security standards.

6. Third-Party Services

PitchPilot integrates with the following third-party services:

• Supabase — Authentication and subscription management. Privacy Policy
• Stripe — Payment processing. Privacy Policy
• OpenAI — AI message generation (if selected by user). Privacy Policy
• Anthropic — AI message generation (if selected by user). Privacy Policy

7. Permissions Explained

The extension requests the following Chrome permissions:

• storage: To save your preferences, API keys, and message history locally in your browser.
• sidePanel: To display the PitchPilot interface as a Chrome side panel.
• activeTab: To read the content of the LinkedIn profile page you are currently viewing.
• tabs: To detect when you navigate to a LinkedIn profile page.
• scripting: To inject the profile-reading script on LinkedIn pages.
• alarms: For periodic subscription status checks.
• Host permissions (linkedin.com, openai.com, anthropic.com): To read LinkedIn profiles and make direct API calls to the AI providers from your browser.

8. Data Retention and Deletion

Local data is deleted when you uninstall the extension. Account data can be deleted upon request by contacting us. If you cancel your subscription, your account data will be retained for 90 days in case you wish to resubscribe, after which it will be permanently deleted.

9. Children's Privacy

PitchPilot is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date. Continued use of the extension after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions about this privacy policy or wish to request deletion of your data, please get in touch with us.

Machine Dogma
United States